Controlling U3 smart drive use in the enterprise

Many users have loaded Skype on U3 smart drives to get around their company's security policy. In this expert Q&A, application security pro Michael Cobb explains the best ways to control the use of mobile storage devices and protect the confidentiality of your data.

Users have discovered that they can load Skype on U3 smart drives to get around our security policies. If we want to control p2p applications, what are our options? Can we employ application control on the desktop?

Mobile storage devices, or so called thumb drives, pose a real risk to network security. They can be used to download confidential data or introduce malicious code to the network. There has probably been far more corporate data lost to misplaced or stolen thumb drives than to laptops!

U3 devices compound these problems, since software can be downloaded on the host computer without any need for...

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

administrative privileges. U3 smart drives are specially formatted USB flash drives developed for Microsoft Windows systems, and they store and execute their own applications directly from the drive. Any data written to files or the host computer's registry is removed when the flash drive is ejected. This is an administrative nightmare, since users can easily run unauthorized programs that may consume bandwidth, impair network performance or undermine productivity. And the problem isn't going to go away. According to U3, forecasts predict USB flash drive sales to grow to 150 million units worldwide by 2008, with 70% of them projected to be smart drives.

You have various options to control the use of these devices. You could disable Universal Plug and Play, a set of protocols that automatically load USB storage devices as a drive, though this is a little draconian. A better solution is to control which USB devices are allowed to connect to your systems. GFI Software Ltd.'s EndPointSecurity, for example, allows administrators to log access and monitor the activity of storage devices such as USB drives and communication devices like BlackBerrys.

I would combine this type of defense with some form of application control at the desktop. Safend's USB Port Protector, for example, allows smart storage devices to be used strictly as simple storage devices (so long as they comply with the rest of your storage policy). The tool blocks their smart functionality so that programs can't be run from the device.

To tackle security issues involving Skype in particular, I would look to review your network border controls, such as firewalls, and stop the traffic on the network. Also, visit the Skype Web site, where you'll find an administrative template file for Windows Active Directory environments, allowing you to control Skype's use. At the end of the day, though, the only way to really reduce the risk of thumb drives is to develop and enforce an acceptable usage policy for thumb drives and U3-based applications. Your staff should also be made aware of the consequences of non-compliance.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy